Persons’ names, addresses, e-mail addresses, phone numbers, health information, photos etc. can be counted within the scope of personal data which has become increasingly important in the society recently. These personal information which belong to the individuals can be processed for many reasons in daily life. The Personal Data Protection Law (PDPL) numbered 6698 was enacted in order to protect fundamental rights and freedoms of persons, particularly the right to privacy, with respect to processing of personal data and to set forth obligations, principles and procedures which shall be binding upon natural or legal persons who process personal data.
Various obligations have been imposed regarding data controllers who are defined as “the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.”[1] with the PDPL.One of the obligations imposed under the Law is the one which is regulated under the Article 12/5 of PDPL, is that in case the data processed are obtained by others by unlawful means, the data controllers must notify this situation occurred to the data subject and the Board, within the shortest time. According to the same article; The Board can publish this violation on its own website, too, if necessary.
Under the mentioned obligation, a public announcement titled “Public Announcement (Data Breach Notification) – Kariyer.net Elektronik Yayıncılık ve İletişim Hiz. A.Ş.” was published on the Board’s website on 18.08.2020.[2] In the announcement published, it was stated in the letter sent to the Institution by Kariyer.net Elektronik Yayıncılık ve İletişim Hiz. A.Ş. that a data breach was detected and the date of the breach was 10.08.2020. In the sent letter, it was also mentioned that the data affected by the breach are e-mail addresses, user password, name, surname, date of birth, phone number, profile photo, URL link information, city of residence and district of residence and that the number of people affected by the violation is 40.955 and that the number of records is 53.149. It has been stated that the data subjects can obtain information from adaydestek@kariyer.net and from 0 216 468 76 00 about the data breach.
The Institution stated that the investigation on the subject is still going on and that they decided to publish the violation on the website with the decision dated 18.08.2020 and numbered 2020/634.
[1] Article 3/1-ı of the Personal Data Protection Law
[2] Public Announcement (Data Breach Notification) – Kariyer.net Elektronik Yayıncılık ve İletişim Hiz. A.Ş. https://www.kvkk.gov.tr/Icerik/6786/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Kariyer-net-Elektronik-Yayincilik-ve-Iletisim-Hiz-A-S-